iss risk special report - the emergence and growth of isis...
TRANSCRIPT
Intelligent Security Solutions Holding Limited
Room 501, 5/f, Chung Ying Building
20 Connaught Road West
Sheung Wan
Hong Kong Phone: +852 5619 7008
China Phone: +861 3910 9907 39
www.issrisk.com
Copyright Intelligent Security Solutions Limited. All rights reserved. Neither this publication nor any part of it may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior consent of Intelligent Security Solutions Limited.
ISS RISK Special Report - The Emergence and Growth of ISIS in Bangladesh:
How the JMB acted as the conduit for the establishment of ISIS in
the South Asian nation and how the model and structures
potentially impact Asia and beyond September, 2016
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 1
Table of Contents
Introduction.............................................................................................................................................. 2
Research methodology ........................................................................................................................... 3
Research findings ................................................................................................................................... 4
Relationship mapping .............................................................................................................................. 6
Observations ........................................................................................................................................... 6
Summary ............................................................................................................................................... 16
Introduction to the Pool Matrix System ................................................................................................. 17
Overview of the command structure ..................................................................................................... 18
Overview of the intelligence structure ................................................................................................... 21
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 2
Introduction
Bangladesh has seen a steady increase in radical Islamic terrorism over the past few years,
culminating in several large coordinated attacks in the summer of this year, the Holey Artisan
Bakery attack in Dhaka, Sholakia Eid Day attack and the police raid in Kalyanpur, Dhaka
were larger scale incidents. The attacks resulted in multiple deaths and casualties
demonstrating a patently upward threat trajectory, a trajectory that should have been
acknowledged as evidence that the local groups were no longer simply operating under the
same modus operandi as before.
The government position has been to label the attacks as local or from indigenous groups,
and not ISIS’ and AQ’s despite their claiming of the attacks. So is the government position
accurate, or one of deflection? It would be simpler to merely argue that the government is in
denial and that by laying the blame at the feet of local militant groups they are trying to steer
consensus away from the existence of external terrorism in the country. Is this political folly
or is there something to the government claims?
Both yes and no are the answer, but this is not a sit on the fence answer. The government
technically are correct in claiming that these are actions of home grown groups, however,
they are without question in denial that these groups have no affiliation or relationship with
external global jihadists. Consequently, this report is an examination of the growth of terrorist
groupings in Bangladesh, an attempt to unravel who they are, where they come from and
what the state of play is now and moving forward. The security services have, to date,
achieved a fairly significant degree of success in neutralising ‘some of the cells’ involved.
However, this is where contemporary thinking on organisational structure needs to be
challenged. Understanding the difference to this organisational structure is seminal if one is
to truly understand the current challenge presented by such terrorist groups. A cellular based
approach to understanding the growing threat of Islamic fundamentalism is no longer
adequate. ISS Risk will be challenging this concept within this report and presenting the
model of organisational structure that is emerging and representative of the growing
sophistication of regional, trans-regional and aspiring globalised terrorist groupings: the
‘Pool Matrix’ structure.
The evidence presented in this report, although focused on the events and developments in
Bangladesh, is indicative of the evolution of terrorism networks globally and attempts to
create a different discourse on how to approach and evaluate the organic nature of these
ever morphing and transcendent groups.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 3
Research Methodology
We began the project and collation process with the three recent terrorist incidents in
Bangladesh – Holey Artisan Bakery attack in Dhaka, Sholakia Eid Day attack and the police
raid in Kalyanpur, Dhaka. Our initial research identified around 20 terrorists who were found
to be directly involved with these terrorist incidents and most of them were already dead.
We then undertook a thorough open source research on each of these terrorists and
identified their background and most importantly, their terrorist connections. A terrorist X is
assumed to be connected to terrorist Y if our research indicated that X knows Y or vice versa
in a terrorism context. The different scenarios of a terrorist connection are outlined below:
1. Terrorist X and Y have undergone training at the same location or
2. Were known to have been involved in the same terrorist operation or
3. Were residing at the same location prior to a terrorist attack or
4. Were arrested in a single counter-terrorism raid or
5. Were killed during a single counter-terrorism operation or
6. Were indoctrinated in jihadist ideology by the same recruiter at the same location
or
7. Were together involved in terrorist activities like propaganda, recruitment,
terrorist funding etc.
Every new name identified as a terrorist revealed further connections to the initial list of 20
terrorists and were in turn further investigated, their additional terrorist connections once
identified were then added and yet further new terrorist or associates names were identified
and added to the network. In this endeavour, we mostly relied on Bengali language reports
published by Bangladeshi media houses.
The correlation between the various targets lead to the identification of a significant network
which is also clearly identifiably interconnected, and on occasion, isolated ‘pools’. Each shall
be explained in the proceeding sections.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 4
Research Findings
After executing this process multiple times for each subject, we were able to identify 223
terrorists and / or suspects who were involved with JMB and / or ISIS in the Bangladeshi
context and were directly or indirectly related to different terrorist attacks in Bangladesh, that
were claimed by ISIS, during the last 12 months. Our research identified suspected terrorists
who were involved in some form or shape with the following incidents:
1. Japanese murder: Murder of Japanese national Kunio Hashi in Rangpur district on 3
October, 2015. Claimed by ISIS. Three terrorists were found to be directly linked to this
incident.
2. Khadem murder: Murder of the caretaker of a shrine in Kaunia upazilla, Rangpur
district on 10 Nov, 2015. Claimed by ISIS. One terrorist was found to be directly linked
to this incident.
3. Shibganj Shia mosque attack: Attack on Shibganj Shia mosque on 27 Nov, 2015.
Claimed by ISIS. Six terrorists were found to be directly linked to this incident.
4. Dhaka attack: Terrorist attack at Holey Artisan bakery in Dhaka on 1 – 2 July, 2016.
Claimed by ISIS. 26 terrorists were found to be directly linked to this incident.
5. Sholakia attack: Attack at Sholakia during Eid Day on 7 July. Blamed on JMB. 15
terrorists were found to be directly linked to this incident.
6. Kalyanpur raid: Police raid at a building in Kalyanpur area of Dhaka on 26 July. The
cell was believed to be a part of JMB/ISIS. 12 terrorists were found to be directly linked
to this incident.
7. Ansar Rajshahi: Police arrested three militants belonging to a new group Ansar
Rajshahi from northern Bangladesh on 14 August. Four terrorists were found to be
directly linked to this incident.
8. Tongi arrest: Police arrested five JMB militants from Tongi on 26 August, including
Canadian national Rasheduzzaman Rose. Five terrorists were found to be directly
linked to this incident.
9. Additional suspects: A further 159 terrorists who were not directly involved in any of
the above terrorist incidents were identified in our research.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 5
Our research also identified 553 connections between the 223 terrorists identified, which
means that of the 223 terrorists, there were at least 553 pairs who knew each other
personally in a terrorism context. Additionally, we identified each terrorist based on his / her
status, as described below:
1. Absconding: The individual is considered a terror suspect and has voluntarily
absconded to avoid the security forces. We identified 64 suspects in this category.
2. Arrested (culpability unknown): The suspect has been arrested, but his / her
culpability in terrorist activities could not be determined from available information. We
identified 12 such individuals.
3. Arrested (direct suspect): The suspect has been arrested by the police and is believed
to be directly involved in terrorist activities. We identified 60 suspects in this category.
4. Arrested (indirect suspect): The suspect is arrested by the police, but his / her
involvement in terrorist activities remains unclear. Eleven such suspects were identified.
5. Killed: Killed during terrorist attack or police raid - 26 such dead terrorists have been
identified.
6. Missing (indirect suspect): The suspect has gone missing, but the police believe that
the suspect is involved in terrorist activities. We identified 19 such suspects.
7. Unknown: The status of the suspect remains unverifiable - 30 such individuals have
been identified.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 6
Relationship Mapping
After identifying the above data, we used the information to visually establish connections
between terrorists and involvement of a terrorist to a certain terrorist incident through
network mapping software. We followed the convention outlined below while undertaking the
mapping exercise:
1. Curved edge rectangle: Representing a terrorist, with the name of the terrorist written
over the rectangle. The rectangles are colour-coded based on the status of the
respective terrorist, e.g. red for ‘Killed’, orange for ‘Absconding’ and so on.
2. Diamond: Representing a terrorist incident, with the name of the incident written over
the diamond. The diamonds are colour-coded for each incident, e.g. green for ‘Dhaka
attack’, purple for ‘Sholakia attack’ and so on.
3. Black line: Used between two rectangles (i.e. terrorists) signifying a terrorist connection
between them.
4. Green line: Used between an incident (diamond) and a terrorist (rectangle), signifying
the direct involvement of the terrorist in the incident.
The different terrorist relationship infographics, thus generated, are shown in the subsequent
sections of this report.
Terrorist suspects awarded the status ‘Unknown’, as described in the previous section, have
been given alphanumeric codes from S1 to S30 in the maps, instead of their real names.
Each Incident is represented on a map of Bangladesh using a geo-location plotting method.
Observations
The various relationship maps thus created are shown below:
Map 1: Basic pool composition
Map 2: Complex pool composition
Map 3: Connections between terrorist
Map 4: Direct involvement of terrorists to incidents
Map 5: Connections between all terrorists and incidents
Map 6: Location of pools
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 7
Map 1: Basic pool composition
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 8
Map 2: Complex pool composition
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 9
Map 3: Connections between terrorist
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 10
Around 45 terrorists were found to be isolated from the main network, while four small and
isolated networks of terrorists were also identified. Finally, the remaining, circa 160 terrorists,
were found to be interlinked to each other through a complex web of intermediaries.
Key Observations
The red [Killed] and blue [Arrested – direct suspect] rectangles have the most number of
connections (as demonstrated by black lines) to other terrorists. So, we can assume that the
Bangladeshi security agencies have been successful in neutralising most of the highly
connected terrorists – from the known network.
However, the large number of orange [Absconding] and yellow [Missing – indirect suspect]
isolated rectangles also demonstrate that the security agencies are facing a very serious
intelligence gap in terms of knowing the actual strength and spread of the terrorist network.
We are not claiming that the terrorist network data we are providing represents the entire
terrorism landscape of JMBs’ / ISISs’ supporters in the nation; rather we believe it is only a
small section of the entire network, which is patently more complex, larger and intertwined.
As such, it is safe to assume that the Bangladeshi security agencies have only ‘touched the
tip of the terrorism iceberg’ within their nation and a large number of jihadists are still
roaming free, with the capabilities and the intention of carrying out acts of terror.
The map also shows that Tamim Ahmed Chowdhury (Mr TAC1), the now deceased emir of
ISIS in Bangladesh, was a highly connected person in the Bangladeshi jihadist landscape. In
fact, most of the red rectangles (Killed) are found to be connected to a large number of other
terrorists. A possible explanation of this observation is that the potential jihadists in
Bangladesh have to pass through a lengthy vetting process, during which they need to prove
their ideological commitment. Only the candidates who pass this screening process are
given access to the internal secret activities of the organisation, including training and
operational planning as well as recruitment and network development.
The individuals who take part in any terrorist attacks are quite senior figures in the
organisation (despite some of them being quite young), having been part of the organisation
for a significant period of time, have proved their credibility to the cause and in the entire
process became acquainted to several other terrorists from the organisation. The fact that
most of the killed terrorists had remained missing for several months before their respective
terrorist incidents, also validate this vetting process discussed above.
1 As identified in ISS Risk’s January 2016 Special Report on Bangladesh
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 11
Map 4: Direct involvement of terrorists to incidents
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 12
The incidents map above shows a significant degree of compartmentalisation in the sense
that most of the incidents/cells were totally isolated from one another. This is not something
which happened by chance and it is our assessment that the cells were intentionally kept
isolated for operational security, secrecy and to avoid potential infiltration by the security
agencies. Quite a few terrorists were common to the Dhaka and Sholakia attack cells, which
makes it highly likely that both the incidents were carried out by the same terrorist cell.
Mr TAC is found to be directly linked with Dhaka, Sholakia and Kalyanpur incidents. This
signifies that the emir was directly involved in the operational planning of the group in
Bangladesh and as a formally appointed emir of ISIS in Bangladesh, it is highly likely that he
was receiving instructions from the ISIS external operations department in Raqaa, Syria. So,
it is our assessment that the activities carried out in Bangladesh had direct approval from the
ISIS HQ.
Although the previous map demonstrated that most of the incidents / cells are isolated; the
map below also shows that seven out of the eight incidents were actually interconnected
through different terrorist intermediaries. By this, we mean that a network of around 160
terrorists were in common to seven of the eight incidents. It is our assessment that this large
network of 160 terrorists served as the common terrorist pool, which provided the required
support base to all the incidents. While a few members of the pool directly participated in
certain incidents; the other maintained a passive yet significant role in the survival and
operations of the overall terrorist network.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 13
Map 5: Connections between all terrorists and incidents
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 14
Map 6: Location of cells
Map 6 demonstrates the operational presence of the terrorist network in and around the capital Dhaka as well as the northern and western part
of the country. Interestingly, we identified this TAOR of the terrorist group in a report we published in July 2016, where we published the
following map, which clearly identifies the three different TAORs of the group.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 15
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 16
Summary
The foundations for the infiltration and growth of ISIS in Bangladesh have clearly been laid
for some time. This organisational structure did not just suddenly appear recently. Evidently
significant planning and preparation led to this escalation in the threat trajectory. However,
why so many combat indicators, intelligence indicators and warning signs were either
missed entirely or misread by the authorities and the intelligence and security services is a
central question.
Given the scale of the network and its exponential growth since seemingly 2012 / 13, the red
flags should have been hoisted long ago. One explanation is that the security services and
intelligence agencies were looking in the wrong direction, which is not a criticism, more an
observation and acknowledgement that the complex nature of the network would be difficult
to identify regardless.
The security forces have had a degree of success as stated earlier in neutralising elements
of the pool, however, a significant element remain intact and in play and pose a real and
current risk. One need look no further than the network behind the Paris attacks, the
authorities believed within a matter of weeks they had neutralised that entire group.
Remnants of that same group were behind the Brussels attacks, and ten months following
the Paris attack there are still elements of that group or pool at large, being gradually
rounded up. However it is right to point out at this juncture that in parallel with the capture of
these ‘original’ pool members, with the passage of time one can logically assume that new
elements have been deployed to replenish the depleted ranks. Bangladesh is no different in
this respect; on the contrary, entire pools in Bangladesh seem to still be intact.
The scale of the risk is the unknown quantity here. The network that is slowly being
degraded and dismantled in Bangladesh was and still is extensive. Access to sophisticated
weapons and explosives has been cited as a detriment to their capabilities. We would
counter that by pointing out that they have still managed to inflict mass casualties with even
rudimentary explosives, basic firearms and common everyday implements such as
machetes and knives. If the network identified so far has only been degraded by some 50%
it still leaves a formidable and resilient pool in place. Losing the leader, or Emir, is likely only
a temporary setback for the network, as he will be replaced fairly quickly and one can expect
to see a vigorous escalation of activities again.
Understanding the nature of the structures, command and control, intelligence, modus
operandi will assist in comprehending the scale of the threat and the potential growth and
trajectory of that threat.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 17
Introduction to the Pool Matrix system
The foundations of this structure and modus operandi have been derived from the
application of consilient thinking, essentially, why re-invent the wheel when you can improve
on what you know already works. Thus, a combination of tried and tested structures over
decades stretching across continents, ranging from the cell system, the column system, the
pool system and conventional structures have been meshed together to create a new
resilient and effective structure. This structure is a Pool Matrix system.
In order to escape detection, ‘sleeper pools’ are a significant element of the structure, which
operate independently from their parent organisations, unless involved in a larger operation
requiring greater human and physical resources. Such a system allows for greater covert
activity, particularly given no one except members of a particular pool would be aware of the
chosen target.
In basic terms individual pools can consist of approximately anywhere between 20 - 35
people, however, this will vary from pool to pool due to many factors ranging from local
nuances and geographical location through to the strategic directions and objectives
emanating from the central command and control. In short, each pool will comprise a support
element and an active element. The individual members of each pool, regardless of role, are
commanded at local level. Consequently, although the strategic direction will come from
higher up in the system, the pools effectively have autonomy.
This benefits the terrorists in several ways. Firstly, the requirement for a detectable
communications channel is greatly limited. Secondly, logistical support is an internal
consideration and responsibility of the pool, therefore movement and transportation and
acquisition of materials is strictly controlled to effectively reduce combat indicators and
minimise potential traces. Thirdly, the possibility of infiltration is greatly reduced and made
much more difficult.
On a command level it is very simple to replace the current commander, for whatever
reason, with another member of the active element. Likewise, it is very easy to replace an
active member with a support member should the need arise. These are just some examples
of primary strengths on a local level that combine to give added strength to the overall
structure and modus operandi.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 18
Overview of the command structure
Localised pool commands
As outlined, the local pool consists of a variable number of members, one of whom is drawn
as the commander with the remainder subordinate to him. The pool is further sub-divided
into active and support. The pool will operate and conduct operations within its area of
existence. The operations will be compatible to the size of the pool and human and logistical
resources at its disposal. This makes the ‘pools’ existence manageable and very controlled
on a primary level and accountable on a higher level, or levels.
Regional pool commands
This comprises the local, individual pools within a given or predetermined geographical
region. The command element will consist of the commanders of the local pools drawn
together. One local commander will assume the role of commander of the regional pool.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 19
Subsequently he has greatly increased powers of command and access to significantly
enhanced human and logistical resources. This is similar to the concept of ‘Step Up
Command’ employed by conventional armies.
Combined regional pool commands
This element comprises the integration and ‘Pooling’ of several regional pools within a given
or predetermined geographical locality. Again, the same principle as above applies in respect
of command allocation and ‘Step Up’. It should be highlighted that the entire command
element do not need to be fully involved in planning and preparation of attacks at this level,
only those to whom it is relevant or required from the operational areas or target area.
Moreover, geographically a much greater area of operation is now created; obviously the
human and logistical resources are greatly increased. Perhaps most importantly information
about the nature of an operation is greatly controlled and even traceable.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 20
Combined inter-regional pool commands
The next level comprises the command and control elements representative of a ‘pooling’ of
combined regional pools. The scope of the combined inter-regional pool command could
effectively encompass an entire country or province / state / county. Evidently it goes without
saying that all resources are maximised to their fullest capacity. Again only the necessary
command elements are pooled for specific operations with a single regional commander
taking control and all others remaining subordinate to him.
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 21
Overview of the intelligence structure
Localised pool intelligence
Gathering and collation of information is tasked to the support element. This is done on an
individual basis and specific in nature, i.e. one support member tasked to gather information
on security procedures at an airport within a specific time bracket. A second person can be
instructed to gather the same information for a different time bracket. The fact that many of
the support elements will not be either known or even suspected greatly enhances security
by reducing combat indicators.
Moreover, the knowledge of the nature of the task is restricted to the person, commander,
issuing the instructions. He has the resources to detail as many support members as he
determines is necessary to gather ‘bits’ of information without them knowing what is being
planned or who else is gathering information and for what purpose. This also considerably
reduces possible security compromises and leakages. Furthermore, should information be
leaked, then given the specific nature of the individual tasking’s then it is quite easily
traceable to a specific person, thereby further increasing security.
For smaller, localised operations this method is ideal as local knowledge can be exploited on
top of new information gathered. However, at the ‘inter pool’ and ‘regional pool’ and
‘combined regional pool’ levels intelligence liaison becomes much more complex when
operations are more ambitious and involve more in-depth planning, intelligence gathering
and numerical increments of active participants.
Regional pool intelligence
As previously outlined an increase in scale of operations requires an increase in active
participants and support elements. This is coordinated and directed at a regional level. The
effect is to enhance operational capabilities and by default an increase in security is
effectively achieved. This is done through the same principle of individual tasking and the
use of double or multiple tasking. The spread of the member base now effectively means
that the degree of information required to be collected by an individual can be minimised,
thereby decreasing an individual’s possible knowledge of the nature of the operation and
enhancing security but at the same time hugely increasing the scale of information that can
be gathered due to increased human resources available.
The information / intelligence gathering can now be spread thinly amongst a larger number
of support elements through the existing command and control chains with the same
principles of bite sized tasking being passed through the pools. This is akin to each person
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 22
having only one piece of the ‘jigsaw puzzle’. The commander doing the tasking at regional
level will effectively be the only person with all the pieces of information and each individual
piece of information can be traced to a given support member should there be a security
breach or leak.
Combined regional pool intelligence
This operates on the same, but very much expanded, principle as the combined local pool
structure. Although liaison and co-ordination are now more complex, the increase in the
complexity of co-ordination is largely negated through vastly increased human and logistical
resources.
Delegation of intelligence gathering becomes much more effective, as above, the spread of
the member base now effectively means that the degree of information required to be
Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis
Page | 23
collected by an individual can be minimised, thereby decreasing an individual’s possible
knowledge of the nature of the operation and enhancing security. At the same time,
however, hugely increasing the scale of information that can be gathered, due to increased
human resources available, is achieved. The system now becomes even more difficult to
scrutinize and analyse at a counter terrorist / intelligence level.
Combined inter-regional pool intelligence
Yet again, this operates on the same, but very much expanded, principle as the combined
regional pool structure. Liaison and co-ordination are now even more complex, although as
previously the increase in complexity of co-ordination is largely negated through vastly
increased human and logistical resources.
Delegation of intelligence gathering becomes much more effective, as above, the spread of
the support base now effectively means that the degree of information required to be
collected by an individual can be further minimised, thereby decreasing, yet further, an
individual’s possible knowledge of the nature of the operation and enhancing security but at
the same time hugely increasing the scale of information that can be gathered due to
increased human resources available. Combat indicators are now virtually non-existent and
the system now becomes even more difficult to examine and analyse at a counter terrorist /
intelligence level.